Some files inside the cab file are probably compressed with UPX or another compressor. Virus makers use UPX and other compressors to make it more difficult for virus scanners to see what a program does (needs to be unpacked first). But UPX compression isn't dangerous on its own.

UPX compression might not be the problem, I'm not sure if the CAB is compressed with it or the files contained in the CAB. I extracted the astra.cab on an anti-virus free machine and copied single files to a protected machine and the only file McAfee still has a problem with is the ASTRA.PRG file.

I got tired of this anti-virus issue so I decided to rebuild the astra.cab myself, here's how:

1) Grab the latest version of Astra from http://www.sysinfolab.com/
2) Extract contents to a folder eg. C:\dosapps\astra
3) Find a copy of MS's cabarc.exe, it might be in a resource kit not sure
EDIT: Get it here: http://support.microsoft.com/kb/310618
4) Place cabarc.exe in c:\dosapps
5) Create a blank text file in c:\dosapps and rename to makecab.bat
6) Edit file and paste this line:
@cabarc -m LZX:21 -p -r -P astra\ n astra.cab astra\*.*
Save file and double click it

You should now have a new astra.cab in c:\dosapps, move it to your dosapps folder within UBCD and recreate your ISO
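
Added example, not part of the original posts: Python that walks the extracted folder and reports which files carry UPX markers (the `UPX!` magic, or PE sections named UPX0/UPX1). It scans the extracted files rather than astra.cab itself, since the cabinet's own compression can hide the markers; the function names are this example's own, and the folder in the last lines is the one from step 2.

```python
import os
import struct

UPX_MAGIC = b"UPX!"                # marker UPX writes into its pack header
UPX_SECTIONS = {b"UPX0", b"UPX1"}  # section names UPX gives a packed PE

def pe_section_names(data):
    """Return the section names if data is a PE image, else an empty list."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return []                                      # plain DOS program
    (num_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size
    names = []
    for i in range(num_sections):
        entry = table + 40 * i                         # 40-byte section header
        if entry + 40 > len(data):
            break
        names.append(data[entry:entry + 8].rstrip(b"\0"))
    return names

def upx_indicators(data):
    """List UPX markers found; markers can be edited out, so [] is not proof."""
    found = []
    if UPX_MAGIC in data:
        found.append("UPX! magic")
    hits = sorted(n.decode() for n in pe_section_names(data) if n in UPX_SECTIONS)
    if hits:
        found.append("sections " + ",".join(hits))
    return found

def scan_folder(root):
    """Map each file under root that shows a UPX marker to its indicators."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                hits = upx_indicators(fh.read())
            if hits:
                report[path] = hits
    return report

if __name__ == "__main__":
    for path, hits in scan_folder(r"C:\dosapps\astra").items():
        print(path, "->", "; ".join(hits))
```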

McAfee has been doing the same for about a month now, I haven't found a way to alert them of a possible false-positive.

Use their forums, and ask...or check their "contact us" tab on their website. All antivirus companies should have a way to report false positives..and if they don't, then they are too cheap to care about their customers and I would recommend moving to another AV. I personally use Avira AntiVir Personal, which is free and does not detect that cab as dangerous.

There's nothing like that at all on their website, I searched for what seemed like weeks. One spot I found seemed to be what I was looking for but all it did was upload the file to them so THEY can tell me again that the file might be suspect.

I'll stick with my fix of updating the astra software over redeploying a new AV product to over 400 computers any day. As much as I don't like it the licensing was just renewed for three more years.
